The story here: Someone posted on their Tumblr blog "I'm closing this page, please join me on my new one." The address that was linked was:

hax.tumblr.com

Hmmm!! Okay, so where does clicking that link go? To something that looks like the regular Tumblr login screen, but look close at the address:

llogin.tumblr.com

Two L's. Someone created a Tumblr phish page on Tumblr!

Afterword: The guy whose page the "closing this page" link to hax.tumblr.com appeared on was hacked himself, that's how this password-stealing post got there. He has since changed his password, and it's unclear at this moment (since this happened about 20 minutes ago) if anyone else's password was compromised by "logging into" this page.

Volume 2: Weeks later this fake login was recycled, but since putting URLs into Ask messages has been disabled they used a different tact... this time legit accounts were used (the UN/PWs that had been snagged in the previous round) sending out public posts that one's followers see, which said that some girl had uploaded a bunch of nudes accidentally and so go to this page they'd created to see them. And the above, under a URL like "roxyspictures.tumblr.com", would come up.

Flickriver widget for iGoogle or Netvibes can display almost any Flickriver view - most interesting today, by user, by group, by tag etc. Once added to your personalized homepage, just edit widget settings to select your desired view.